[thelist] Web Database Security (was: how did they hack...)
Raymond Camden
jedimaster at macromedia.com
Thu Apr 19 12:42:37 CDT 2001
I believe the point wasn't to strip out bad SQL, i.e., drop table, but to
escape the single quote, so the bad SQL doesn't matter anymore. That's what
I got, anyway. :)
=======================================================================
Raymond Camden, Principal Spectra Compliance Engineer for Macromedia
Email : jedimaster at macromedia.com
ICQ UIN : 3679482
"My ally is the Force, and a powerful ally it is." - Yoda
> -----Original Message-----
> From: thelist-admin at lists.evolt.org
> [mailto:thelist-admin at lists.evolt.org]On Behalf Of Simon Coggins
> Sent: Thursday, April 19, 2001 12:30 PM
> To: thelist at lists.evolt.org
> Subject: Re: [thelist] Web Database Security (was: how did they hack...)
>
>
>
> > Have you looked at server-side regular expressions? I'm not familiar with
> > PHP, but this might help (it's for ASP):
> > http://dynamic.15seconds.com/Issue/page.asp?Page_Id=306
>
> I thought about using RegExps to check for certain strings but I had a
> couple of problems with the idea:
>
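The contrast Raymond draws above (stripping "bad SQL" keywords versus escaping the single quote so the attacker's text is just characters inside a string literal) is easy to see in running code. The following is an added example for this archive page, not code from Raymond, Simon or the thelist posts; it assumes Python's standard sqlite3 module, a constructed in-memory `users` table, and constructed sample inputs (a legitimate name containing an apostrophe, and a hostile string carrying the "drop table" text the thread mentions). Function names such as `strip_keywords`, `escape_single_quote`, `lookup_concat` and `lookup_param` are illustrative, not from any library. It also goes one step beyond the thread by showing the bound-parameter form, which needs no escaping code at all.

```python
import sqlite3

# Constructed sample inputs, not taken from the thread.
LEGIT_NAME = "O'Brien"                       # a real name that contains a single quote
HOSTILE_NAME = "x'; drop table users; --"    # the "bad SQL" case discussed on the list


def setup_db():
    """Create an in-memory database with a small constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    # Bound parameters are used for the seed rows so the apostrophe is stored as-is.
    conn.executemany("INSERT INTO users (name) VALUES (?)",
                     [("alice",), ("bob",), (LEGIT_NAME,)])
    conn.commit()
    return conn


def strip_keywords(value):
    """The reading Raymond says is NOT the point: a keyword blacklist.
    The single quote is left in place, so a legitimate name with an
    apostrophe still breaks the query (see lookup_concat)."""
    for word in ("drop table", "delete", "insert"):
        value = value.replace(word, "")
    return value


def escape_single_quote(value):
    """Escape the single quote by doubling it (standard SQL).  Once the quote
    cannot terminate the literal, 'drop table' is just text inside a string."""
    return value.replace("'", "''")


def lookup_concat(conn, name, sanitize):
    """Build the query by string concatenation after applying `sanitize`.
    Returns the list of matching names, or the exception class name if the
    query fails to execute (syntax error, multiple statements, ...)."""
    sql = "SELECT name FROM users WHERE name = '" + sanitize(name) + "'"
    try:
        return [row[0] for row in conn.execute(sql)]
    except (sqlite3.Error, sqlite3.Warning) as exc:
        return type(exc).__name__


def lookup_param(conn, name):
    """The preferred form: a bound parameter.  The driver never treats the
    input as SQL text, so there is nothing to escape or strip."""
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


def table_exists(conn, table="users"):
    """Check the table survived: the drop would only have run if the quote
    had been allowed to close the string literal."""
    row = conn.execute(
        "SELECT count(*) FROM sqlite_master WHERE type = 'table' AND name = ?",
        (table,)).fetchone()
    return row[0] == 1


def run_demo():
    """Run every combination and return the results keyed by label."""
    conn = setup_db()
    results = {
        "strip, legit name": lookup_concat(conn, LEGIT_NAME, strip_keywords),
        "escape, legit name": lookup_concat(conn, LEGIT_NAME, escape_single_quote),
        "escape, hostile name": lookup_concat(conn, HOSTILE_NAME, escape_single_quote),
        "param, legit name": lookup_param(conn, LEGIT_NAME),
        "param, hostile name": lookup_param(conn, HOSTILE_NAME),
    }
    results["users table still exists"] = table_exists(conn)
    return results


if __name__ == "__main__":
    for label, value in run_demo().items():
        print(f"{label:28s} -> {value!r}")
```

Running it shows the keyword blacklist turning the legitimate `O'Brien` lookup into a syntax error (the apostrophe closes the literal early), while both the quote-escaped concatenation and the bound parameter return the right row for the legitimate name, return nothing for the hostile one, and leave the `users` table in place.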